ABAP HTTP(S) Client: HTTPS with server containing self-signed certificate
I want to communicate using CL_HTTP_CLIENT (ABAP Stack in WebAS) over HTTPS with a server containing <u>self-signed</u> certificate. (In some more details, I wanna go through form-based authentication in this way)
What I already have done is
1. Client Identity (MAIL) in STRUST with the certificate of the target server
2. the small demo instantiating HTTP client in this way
cl_http_client=>create_by_url( exporting url = lf_url ssl_id = 'MAIL'
importing client = http_client ).
Unfortunately, the request doesn't leave the server and in ICM trace I can see that the reason is that the target certificate is not verified:
[Thr 3476] ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed #
ERROR in af_verify_Certificates: (27/0x001b) Chain of certificates is incomplete : "CN=ISVPMAIL"#
ERROR in get_path: (27/0x001b) Found root certificate of <CN=ISVPMAIL> which does not fit the given PKRoot #
ERROR in verify_with_PKs: (27/0x001b) Found root certificate of <CN=ISVPMAIL> which does not fit the given PKRoot #
Can I anyhow specify in STRUST that the certificate is self-signed, or is it possible to add this certificate to the list of root certificates on WebAS?
Wolfgang Janzen replied
do you know <a href="https://service.sap.com/sap/support/notes/1094342">SAP Note 1094342</a>, already?
Advice: ensure that you are using the "SSL client certificate 'ANONYM" (not "DFAULT") since you only intend to use SSL for encrypted data transmission (but not for SSO based on client certificates).